Re: Firewalling with DHCP client
Stefan Srdic <email@example.com> writes:
> Bernd Harmsen wrote:
> > [ From the book "linux firewalls"]
> > Every time the IP Changes pump rewrites the /etc/resolv.conf and can
> > call a script. Add a line like the following to your /etc/pump.conf
> > script /etc/pump.skriptname
> > There are three Parameters transfered to the script:
> > $1 Reason
> > $2 Interface
> > $3 New IP
> > Hope that helps,
> > Bernd
> Well, I tried that and it never worked. I tried to work around it by using a
> text filter in my script. It sorta looks like this:
> # Set the path
> # external network interface
> # External IP address
> IPADDR=" /sbin/pump --status | grep IP: | sed -e 's/.*IP: //' "
> # Drop incoming datagrans spoofing our address
> iptables -A INPUT --source $IPADDR -i $EXTIFACE -j DROP
> When I test the filter in the prompt I always get my IP address in return.
> However, when I run it through the netfilter script I always end up with the
> same error:
> iptables v1.2.2: Unknown arg `--status'
> Try `iptables -h' or 'iptables --help' for more information.
> Why is it that NetFilter reads all of the information inside of the quotes and
> not the outcome of the operation inside of the quotes>?
This is very basic shell behaviour. Replace the quotes with
backticks and it may work.
Master of Swiss Web 2001: http://www.zweifel.ch/
For projects and other business stuff please refer to COBOLT NetServices
(URL: http://www.cobolt.net; Email: firstname.lastname@example.org; Phone: 0041-1-3884400)